google search results redirect me to random sites


1 reply to this topic

#1 cleanjack


  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:31 PM

Posted 01 October 2010 - 09:00 AM

Just yesterday my Google search results started redirecting me to all these random sites. I did full system scans with Norton Antivirus and Ad-Aware but they both came up empty, so I downloaded HijackThis and proceeded to this forum.

In the preparation guide, I completed steps 1-7.

I'm having trouble with step 8 (creating a GMER log) because after I click the gmer.exe file, the program opens up but I get an error message that says "C:\Windows\system32\config\system: The system cannot find the file specified."

Many of the check boxes on the right are grayed out (System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries). There are only a few options that I can check/uncheck (Services, Registry, Files). Because of this, I cannot match the options that I need checked according to the preparation guide.

How should I proceed?

I am running Windows 7 and my main/only browser is Firefox.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Robert at 16:26:33.88 on Fri 10/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3832.2099 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robert\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.8.0.5\coIEPlg.dll
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Voobly]
uRun: [Google Update] "c:\users\robert\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Adobe cleanup] rundll32.exe "c:\users\robert\local settings\application data\adobe updater\mph.dll", StartProt
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED
mRun: [MSN Toolbar] "c:\program files (x86)\msn toolbar\platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Adobe products updater] rundll32.exe "c:\users\robert\local settings\application data\adobe updater\mph.dll", StartProt
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
AppInit_DLLs: c:\windows\system32\mcafeemn.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background

================= FIREFOX ===================

FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\xh5qyn69.default
FF - prefs.js: browser.startup.homepage - www.nytimes.com
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\default\appdata\local\huludesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: c:\users\robert\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\robert\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\robert\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-13 69152]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1108000.005\symds64.sys [2010-9-23 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1108000.005\symefa64.sys [2010-9-23 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-8-31 954928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1108000.005\cchpx64.sys [2010-9-23 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100930.005\IDSviA64.sys [2010-10-1 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1108000.005\ironx64.sys [2010-9-23 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1108000.005\symtdiv.sys [2010-9-23 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-3 202752]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-7-12 1356952]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-7-3 6366720]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-3 186880]
R3 EMUXMIDI;E-MU Xmidi Driver;c:\windows\system32\drivers\EMUXMIDI.sys [2009-12-4 257624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-14 132656]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-13 16928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28x.sys [2010-7-3 852256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-7-3 346144]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-7-3 39480]
S2 windump;Windows Dumper Host;c:\windows\system32\windump.exe --> c:\windows\system32\windump.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-15 1255736]

=============== Created Last 30 ================

2010-10-01 13:33:03 20 ----a-w- c:\users\robert\defogger_reenable
2010-10-01 11:50:02 0 d-----w- c:\program files (x86)\Trend Micro
2010-10-01 02:50:27 0 d-----w- c:\program files (x86)\CCleaner
2010-09-30 23:24:20 2 ----a-w- c:\users\robert\tenmy.ini
2010-09-30 23:23:43 140288 ----a-w- c:\windows\syswow64\pcre3.dll
2010-09-30 23:23:42 40448 ----a-w- c:\windows\syswow64\winamnc_backup.dll
2010-09-30 23:23:41 40448 ----a-w- c:\windows\syswow64\mcafeemn.dll
2010-09-30 22:45:10 0 d-----w- c:\program files (x86)\Toontrack
2010-09-30 07:00:30 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 10:02:25 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-29 10:02:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 01:24:11 218 ----a-w- c:\windows\syswow64\lsprst7.tgz
2010-09-28 13:17:26 0 d-----w- c:\program files (x86)\Spectrasonics
2010-09-27 22:01:27 0 d-----w- c:\program files (x86)\Bome's Midi Translator Pro
2010-09-26 14:00:55 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-26 14:00:55 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-09-26 14:00:55 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-09-26 14:00:28 0 d-----w- c:\program files\iPod
2010-09-26 14:00:27 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-26 14:00:27 0 d-----w- c:\program files\iTunes
2010-09-26 14:00:27 0 d-----w- c:\program files (x86)\iTunes
2010-09-26 13:59:41 0 d-----w- c:\programdata\Apple Computer
2010-09-26 13:58:13 0 d-----w- c:\program files\common files\Apple
2010-09-26 13:58:05 0 d-----w- c:\program files\Bonjour
2010-09-26 13:58:05 0 d-----w- c:\program files (x86)\Bonjour
2010-09-25 12:29:57 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-09-25 12:26:01 0 d-----w- c:\users\robert\appdata\roaming\FastStone
2010-09-25 12:25:31 0 d-----w- c:\program files (x86)\FastStone Image Viewer
2010-09-25 12:18:14 0 d-----w- c:\users\robert\appdata\roaming\panoviewer
2010-09-25 12:18:14 0 d-----w- c:\programdata\panoviewer
2010-09-24 14:48:05 598288 ----a-w- c:\windows\syswow64\temp.00C
2010-09-24 14:48:04 0 d-----w- c:\program files (x86)\J3 Technologies
2010-09-23 11:31:33 0 d-----w- c:\program files (x86)\MIDIOX
2010-09-22 11:11:14 21 ----a-w- c:\users\robert\appdata\roaming\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C32.dll
2010-09-22 11:11:13 21 ----a-w- c:\users\robert\appdata\roaming\iasna_82424970-0916-4145-974C-09EBC0BE67C0.dll
2010-09-22 11:11:13 20 ----a-w- c:\users\robert\appdata\roaming\iasna_F4F01109-B336-401f-BDE2-7C1926744123.dll
2010-09-22 11:11:13 13 ----a-w- c:\users\robert\appdata\roaming\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545100.dll
2010-09-22 11:11:13 13 ----a-w- c:\users\robert\appdata\roaming\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
2010-09-22 11:11:13 13 ----a-w- c:\users\robert\appdata\roaming\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
2010-09-21 07:44:57 0 d-----w- c:\users\robert\appdata\roaming\PACE Anti-Piracy
2010-09-21 07:44:57 0 d-----w- c:\programdata\PACE Anti-Piracy
2010-09-21 07:44:57 0 d-----w- c:\program files (x86)\common files\PACE Anti-Piracy
2010-09-21 07:30:11 0 d-----w- c:\users\robert\appdata\roaming\Cycling '74
2010-09-21 05:59:21 0 d-----w- c:\program files (x86)\Cycling '74
2010-09-20 13:47:55 0 d-----w- c:\users\robert\appdata\roaming\iZotope
2010-09-20 09:57:27 21 ----a-w- c:\users\robert\appdata\roaming\iasna_C92E1371-3DF5-4322-9729-82CC0DD90ECA.dll
2010-09-20 09:11:51 1521348 ----a-w- c:\windows\syswow64\TmpA62324848
2010-09-20 09:06:19 272409 ----a-w- c:\windows\syswow64\TmpA61992784
2010-09-20 09:05:17 4074273 ----a-w- c:\windows\syswow64\TmpA61930727
2010-09-20 09:01:31 3693554 ----a-w- c:\windows\syswow64\TmpA61704791
2010-09-19 08:05:20 0 d-----w- c:\users\robert\appdata\roaming\Antares
2010-09-19 08:05:20 0 d-----w- c:\program files (x86)\Antares Audio Technologies
2010-09-16 00:33:32 0 d-----w- c:\program files (x86)\JDownloader
2010-09-15 08:24:29 995383 ----a-w- c:\windows\syswow64\temp.00B
2010-09-15 08:24:29 77878 ----a-w- c:\windows\syswow64\temp.00A
2010-09-15 08:24:29 401462 ----a-w- c:\windows\syswow64\temp.009
2010-09-15 08:24:29 295000 ----a-w- c:\windows\syswow64\temp.008
2010-09-15 08:23:42 995383 ----a-w- c:\windows\syswow64\temp.007
2010-09-15 08:23:42 77878 ----a-w- c:\windows\syswow64\temp.006
2010-09-15 08:23:42 401462 ----a-w- c:\windows\syswow64\temp.005
2010-09-15 08:23:42 295000 ----a-w- c:\windows\syswow64\temp.004
2010-09-15 07:00:35 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 04:07:04 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-09 06:09:18 0 d-----w- c:\program files (x86)\zbattle.net
2010-09-08 19:55:09 0 d-----w- c:\program files (x86)\URS Plugins
2010-09-08 15:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-09-08 07:01:22 0 d-----w- c:\programdata\iZotope
2010-09-07 23:44:45 411480 ----a-w- c:\windows\syswow64\tsccvid.dll
2010-09-07 23:44:43 0 d-----w- c:\windows\syswow64\QuickTime
2010-09-07 23:44:06 0 d-----w- c:\programdata\TechSmith
2010-09-07 23:44:06 0 d-----w- c:\program files (x86)\common files\TechSmith Shared
2010-09-06 00:48:59 0 d-----w- c:\users\robert\appdata\roaming\Waves
2010-09-06 00:48:48 0 d-----w- c:\users\robert\appdata\roaming\Waves Preferences
2010-09-06 00:44:53 0 d-----w- c:\users\robert\appdata\roaming\Waves Audio
2010-09-05 01:36:39 0 d-----w- c:\users\robert\dwhelper
2010-09-02 19:59:28 0 d-----w- c:\program files (x86)\Awave Studio
2010-09-01 20:29:36 0 d-----w- c:\users\robert\Tracing

==================== Find3M ====================

2010-08-21 07:00:59 2048 ----a-w- c:\windows\syswow64\sysprs7.dll
2010-08-21 06:56:25 2892 ----a-w- c:\windows\syswow64\audcon.sys
2010-08-17 16:17:02 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-17 16:17:02 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-17 16:17:01 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-08-17 16:17:01 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-17 00:42:12 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-13 09:37:25 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-08-13 09:37:25 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-08-13 09:37:25 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-08-13 09:30:29 0 --sha-r- c:\windows\system32\drivers\103C_HP_53316J G D_p6510f_Y53316J G D_0U_Q4CE026_EASMTE00000DPS_4A_I2A92_SFOXCONN_V1.01_6.04_T100521_WU3-0_L409_M3832_J750_7AMD_8F52_92.80_#100813_N10EC8168;18143090_(WW639AA#ABA)_X_CD3_Z_2_G10029710.MRK
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 22:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:55:50 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 22:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 22:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 22:44:10 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
2010-07-27 22:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:27:08.50 ===============

Merged posts and removed my reply. ~ OB

Edited by Budapest, 02 October 2010 - 03:21 PM.
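One way to do the first pass over a log like the one above, as an added example that is not part of this thread and not code from the DDS or OTL tools: a small Python parser for the DDS sections (Pseudo HJT Report, SERVICES / DRIVERS, Created Last 30) that flags the entries a helper reads first. The scoring rules are this example's own assumptions: a Run value that has rundll32 load a DLL from outside Program Files or Windows, an AppInit_DLLs value whose file name also appears in the Created Last 30 list, a service whose binary DDS marks "[?]" (not on disk), EnableLUA = 0, and Run values with no command. A finding is a review priority, not a statement that any file is malicious. The sample input is a constructed excerpt of a few lines from the log above, with the backslashes the page extraction dropped restored.

```python
"""Triage helper for the DDS log sections seen in this thread.

Added example; not part of the forum post or of DDS itself. The scoring
rules are this example's own assumptions: they rank entries for review,
they do not decide whether a file is malicious."""
import re
from dataclasses import dataclass

# "============== Pseudo HJT Report ===============" style section headers.
HEADER_RE = re.compile(r'^=+\s*(.*?)\s*=+$')
# "uRun: [Name] command" / "mRun-x64: [Name] command" (u = user hive, m = machine hive).
RUN_RE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "R0 name;description;path [date size]"; DDS prints "[?]" when the binary is missing.
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<desc>[^;]*);'
                    r'(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?$')
# "2010-09-30 23:23:41 40448 ----a-w- c:\path\file"
CREATED_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+\S+\s+(?P<path>.*)$')
DLL_IN_QUOTES = re.compile(r'rundll32\.exe\s+"([^"]+)"', re.IGNORECASE)
# Assumption: a DLL launched from under these roots is treated as vendor/OS installed.
TRUSTED_ROOTS = ('c:\\program files', 'c:\\windows\\')


@dataclass
class Finding:
    severity: str  # 'high' / 'medium' / 'low': a review priority, not a verdict
    rule: str
    line: str


def sections(text):
    """Split a DDS log into {section title: [non-blank lines]}."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None and line:
            out[current].append(line)
    return out


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def triage(text):
    secs = sections(text)
    findings = []
    created_names = {basename(m.group('path'))
                     for l in secs.get('Created Last 30', [])
                     if (m := CREATED_RE.match(l))}
    for line in secs.get('Pseudo HJT Report', []):
        low = line.lower()
        if low.startswith('appinit_dlls:') and low.split(':', 1)[1].strip():
            # AppInit_DLLs is loaded into every process that loads user32.dll.
            # Match on file name only: DDS is a 32-bit process, so the system32
            # it reports on x64 is the WoW64-redirected SysWOW64 directory.
            dll = low.split(':', 1)[1].strip()
            sev = 'high' if basename(dll) in created_names else 'medium'
            findings.append(Finding(sev, 'AppInit_DLLs is set', line))
            continue
        if low.startswith('mpolicies-system: enablelua = 0'):
            findings.append(Finding('medium', 'UAC disabled (EnableLUA = 0)', line))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group('cmd').strip()
        if not cmd:
            findings.append(Finding('low', 'Run value with no command', line))
            continue
        d = DLL_IN_QUOTES.search(cmd)
        if d and not d.group(1).lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding('high', 'rundll32 loads a DLL from outside Program Files/Windows', line))
    for line in secs.get('SERVICES / DRIVERS', []):
        m = SVC_RE.match(line)
        if m and m.group('meta') == '?':
            findings.append(Finding('medium', 'service registered but its binary is missing', line))
    return findings


# Constructed excerpt: lines from the DDS log in this thread, backslashes restored.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Voobly]
uRun: [Adobe cleanup] rundll32.exe "c:\users\robert\local settings\application data\adobe updater\mph.dll", StartProt
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\windows\system32\mcafeemn.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-13 69152]
S2 windump;Windows Dumper Host;c:\windows\system32\windump.exe --> c:\windows\system32\windump.exe [?]

=============== Created Last 30 ================

2010-09-30 23:23:41 40448 ----a-w- c:\windows\syswow64\mcafeemn.dll
2010-09-29 10:02:25 2048 ----a-w- c:\windows\system32\tzres.dll
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.rule}: {f.line}')
```

On the excerpt this yields two high, two medium and two low findings, in log order. The file-name comparison for AppInit_DLLs is deliberate: the AppInit_DLLs value names system32, while the Created Last 30 entry for the same file name sits in syswow64, and for a 32-bit process such as DDS the former is redirected to the latter, so the two lines are most likely the same file. Anything this flags still needs the usual confirmation (hash lookup, signature check, a look at the file's strings and imports) before it is treated as anything more than a lead.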




#2 kahdah


  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:31 PM

Posted 05 October 2010 - 07:14 AM

Hello cleanjack

Welcome to BleepingComputer.
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



